This is an archive of the discontinued LLVM Phabricator instance.

compiler-rt/lib/scudo/standalone/memtag.h
106–122	Worth a `DCHECK` that `Begin` and `End` are granule-aligned (and in selectRandomTag)?
107	Probably better to be safe and make this `if (Begin < End)`?

This revision is now accepted and ready to land.Dec 9 2020, 9:36 AM

pcc added inline comments.Dec 9 2020, 11:15 AM

compiler-rt/lib/scudo/standalone/memtag.h
106–122	`End` doesn't need to be granule-aligned (we can pass an unaligned `End` from the primary allocator). This is the reason why we return the address of the end of the tagged region instead of just letting the caller use `End`. I suppose that we could check `Begin` here though.
107	I'm not sure about that. I think that if `Begin > End` we will want to crash here (i.e. the likely source of the bug) instead of at some indeterminate point later.

This revision was landed with ongoing or failed builds.Dec 9 2020, 11:49 AM

Closed by commit rG9f8aeb060293: scudo: Split setRandomTag in two. NFCI. (authored by pcc). · Explain Why

This revision was automatically updated to reflect the committed changes.

pcc added a commit: rG9f8aeb060293: scudo: Split setRandomTag in two. NFCI..

Revision Contents

Path

Size

compiler-rt/

lib/

scudo/

standalone/

memtag.h

74 lines

Diff 310596

compiler-rt/lib/scudo/standalone/memtag.h

Show All 15 Lines
#include <sys/prctl.h>		#include <sys/prctl.h>
#if defined(ANDROID_EXPERIMENTAL_MTE)		#if defined(ANDROID_EXPERIMENTAL_MTE)
#include <bionic/mte_kernel.h>		#include <bionic/mte_kernel.h>
#endif		#endif
#endif		#endif

namespace scudo {		namespace scudo {

		void setRandomTag(void Ptr, uptr Size, uptr ExcludeMask, uptr TaggedBegin,
		uptr *TaggedEnd);

#if defined(__aarch64__) \|\| defined(SCUDO_FUZZ)		#if defined(__aarch64__) \|\| defined(SCUDO_FUZZ)

inline constexpr bool archSupportsMemoryTagging() { return true; }		inline constexpr bool archSupportsMemoryTagging() { return true; }
inline constexpr uptr archMemoryTagGranuleSize() { return 16; }		inline constexpr uptr archMemoryTagGranuleSize() { return 16; }

inline uptr untagPointer(uptr Ptr) { return Ptr & ((1ULL << 56) - 1); }		inline uptr untagPointer(uptr Ptr) { return Ptr & ((1ULL << 56) - 1); }

inline uint8_t extractTag(uptr Ptr) { return (Ptr >> 56) & 0xf; }		inline uint8_t extractTag(uptr Ptr) { return (Ptr >> 56) & 0xf; }
▲ Show 20 Lines • Show All 54 Lines • ▼ Show 20 Lines	__asm__ __volatile__(".arch_extension mte; mrs %0, tco; msr tco, #1"
: "=r"(PrevTCO));		: "=r"(PrevTCO));
}		}

~ScopedDisableMemoryTagChecks() {		~ScopedDisableMemoryTagChecks() {
__asm__ __volatile__(".arch_extension mte; msr tco, %0" : : "r"(PrevTCO));		__asm__ __volatile__(".arch_extension mte; msr tco, %0" : : "r"(PrevTCO));
}		}
};		};

inline void setRandomTag(void *Ptr, uptr Size, uptr ExcludeMask,		inline uptr selectRandomTag(uptr Ptr, uptr ExcludeMask) {
uptr TaggedBegin, uptr TaggedEnd) {		uptr TaggedPtr;
void *End;		__asm__ __volatile__(
		".arch_extension mte; irg %[TaggedPtr], %[Ptr], %[ExcludeMask]"
		: [TaggedPtr] "=r"(TaggedPtr)
		: [Ptr] "r"(Ptr), [ExcludeMask] "r"(ExcludeMask));
		return TaggedPtr;
		}

		inline uptr storeTags(uptr Begin, uptr End) {
		DCHECK(Begin % 16 == 0);
		hctimUnsubmitted Not Done Reply Inline Actions Probably better to be safe and make this `if (Begin < End)`? hctim: Probably better to be safe and make this `if (Begin < End)`?
		pccAuthorUnsubmitted Done Reply Inline Actions I'm not sure about that. I think that if `Begin > End` we will want to crash here (i.e. the likely source of the bug) instead of at some indeterminate point later. pcc: I'm not sure about that. I think that if `Begin > End` we will want to crash here (i.e. the…
		if (Begin != End) {
__asm__ __volatile__(		__asm__ __volatile__(
R"(		R"(
.arch_extension mte		.arch_extension mte

// Set a random tag for Ptr in TaggedPtr. This needs to happen even if
// Size = 0 so that TaggedPtr ends up pointing at a valid address.
irg %[TaggedPtr], %[Ptr], %[ExcludeMask]
mov %[Cur], %[TaggedPtr]

// Skip the loop if Size = 0. We don't want to do any tagging in this case.
cbz %[Size], 2f

// Set the memory tag of the region
// [TaggedPtr, TaggedPtr + roundUpTo(Size, 16))
// to the pointer tag stored in TaggedPtr.
add %[End], %[TaggedPtr], %[Size]

1:		1:
stzg %[Cur], [%[Cur]], #16		stzg %[Cur], [%[Cur]], #16
cmp %[Cur], %[End]		cmp %[Cur], %[End]
b.lt 1b		b.lt 1b

2:
)"		)"
:		: [Cur] "+&r"(Begin)
[TaggedPtr] "=&r"(TaggedBegin), [Cur] "=&r"(TaggedEnd), [End] "=&r"(End)		: [End] "r"(End)
: [Ptr] "r"(Ptr), [Size] "r"(Size), [ExcludeMask] "r"(ExcludeMask)
: "memory");		: "memory");
}		}
		return Begin;
		hctimUnsubmitted Not Done Reply Inline Actions Worth a `DCHECK` that `Begin` and `End` are granule-aligned (and in selectRandomTag)? hctim: Worth a `DCHECK` that `Begin` and `End` are granule-aligned (and in selectRandomTag)?
		pccAuthorUnsubmitted Done Reply Inline Actions `End` doesn't need to be granule-aligned (we can pass an unaligned `End` from the primary allocator). This is the reason why we return the address of the end of the tagged region instead of just letting the caller use `End`. I suppose that we could check `Begin` here though. pcc: `End` doesn't need to be granule-aligned (we can pass an unaligned `End` from the primary…
		}

inline void prepareTaggedChunk(void Ptr, uptr Size, uptr ExcludeMask,		inline void prepareTaggedChunk(void Ptr, uptr Size, uptr ExcludeMask,
uptr BlockEnd) {		uptr BlockEnd) {
// Prepare the granule before the chunk to store the chunk header by setting		// Prepare the granule before the chunk to store the chunk header by setting
// its tag to 0. Normally its tag will already be 0, but in the case where a		// its tag to 0. Normally its tag will already be 0, but in the case where a
// chunk holding a low alignment allocation is reused for a higher alignment		// chunk holding a low alignment allocation is reused for a higher alignment
// allocation, the chunk may already have a non-zero tag from the previous		// allocation, the chunk may already have a non-zero tag from the previous
// allocation.		// allocation.
▲ Show 20 Lines • Show All 85 Lines • ▼ Show 20 Lines
inline void enableMemoryTagChecksTestOnly() {		inline void enableMemoryTagChecksTestOnly() {
UNREACHABLE("memory tagging not supported");		UNREACHABLE("memory tagging not supported");
}		}

struct ScopedDisableMemoryTagChecks {		struct ScopedDisableMemoryTagChecks {
ScopedDisableMemoryTagChecks() {}		ScopedDisableMemoryTagChecks() {}
};		};

inline void setRandomTag(void *Ptr, uptr Size, uptr ExcludeMask,		inline uptr selectRandomTag(uptr Ptr, uptr ExcludeMask) {
uptr TaggedBegin, uptr TaggedEnd) {
(void)Ptr;		(void)Ptr;
(void)Size;
(void)ExcludeMask;		(void)ExcludeMask;
(void)TaggedBegin;		UNREACHABLE("memory tagging not supported");
(void)TaggedEnd;		}

		inline uptr storeTags(uptr Begin, uptr End) {
		(void)Begin;
		(void)End;
UNREACHABLE("memory tagging not supported");		UNREACHABLE("memory tagging not supported");
}		}

inline void prepareTaggedChunk(void Ptr, uptr Size, uptr ExcludeMask,		inline void prepareTaggedChunk(void Ptr, uptr Size, uptr ExcludeMask,
uptr BlockEnd) {		uptr BlockEnd) {
(void)Ptr;		(void)Ptr;
(void)Size;		(void)Size;
(void)ExcludeMask;		(void)ExcludeMask;
Show All 10 Lines

inline uptr loadTag(uptr Ptr) {		inline uptr loadTag(uptr Ptr) {
(void)Ptr;		(void)Ptr;
UNREACHABLE("memory tagging not supported");		UNREACHABLE("memory tagging not supported");
}		}

#endif		#endif

		inline void setRandomTag(void *Ptr, uptr Size, uptr ExcludeMask,
		uptr TaggedBegin, uptr TaggedEnd) {
		*TaggedBegin = selectRandomTag(reinterpret_cast<uptr>(Ptr), ExcludeMask);
		TaggedEnd = storeTags(TaggedBegin, *TaggedBegin + Size);
		}

} // namespace scudo		} // namespace scudo

#endif		#endif

This is an archive of the discontinued LLVM Phabricator instance.

scudo: Split setRandomTag in two. NFCI.ClosedPublic

Details

Diff Detail

Event Timeline

Revision Contents

Diff 310596

compiler-rt/lib/scudo/standalone/memtag.h

scudo: Split setRandomTag in two. NFCI.
ClosedPublic